Tags: javascript, reactjs, node.js, npm, npm-audit

npm audit always finding 0 vulnerabilities


After doing some programming for the day, I noticed that running npm audit on a number of my React projects was always returning 0 vulnerabilities. I found this extremely odd, especially since one project earlier that day had 8 vulnerabilities. I checked all of the projects in the folder where I keep my programming repositories and, even more oddly, the same issue persisted, with npm audit returning 0 vulnerabilities in all projects.

I tried uninstalling Node.js, as well as clearing the npm and npm cache folders in AppData/Roaming, which resulted in the same problem persisting. Knowing that I had an old repository that had not been updated in years, I cloned the repository, tried installing dependencies, and 0 vulnerabilities were found again. I also tried two other methods: installing an older version of an npm package to see if I could replicate getting some sort of npm audit vulnerability, and looking at the GitHub advisories for out-of-date packages that would trigger a vulnerability. Moreover, I tried initializing a new project with create-react-app, which, to my understanding, still had a number of vulnerabilities, and despite trying all three of those methods, the same issue persisted.

node version = v20.12.2

npm version = 10.5.0 + also tried 10.6.0

I'm kind of at a loss on how to think about this issue. Maybe it's an npm configuration issue, or I ran a command by accident in my workflow? Running commands like npm install, npm uninstall, npm run dev or npm start seems to work just fine. I have tried looking at the configuration options around npm audit, but I have not been able to find any specific issues.


Solution

  • Everyone has this problem right now. There's something wrong with npm's Security Audit API. Have a ticket created at their support. But no answer yet.

    Edit: NPM's support got back to me and this has now been fixed.
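
The asker's sanity check (installing a package version with a known advisory to see whether npm audit reports anything) can be automated as a canary, so that a silent zero like the one in this thread is not read as a clean result. This is an added example, not part of the original question or answer; it assumes the npm 7+ `npm audit --json` report shape, and `summarize`, `gateOnAudit`, `sampleReport` and all report data are hypothetical and constructed.

```javascript
// Inputs are parsed `npm audit --json` reports (npm 7+ format, auditReportVersion 2).

// Pull out the fields the gate relies on; return null if this is not a usable report
// (for example, npm printed an error object instead of an audit result).
function summarize(report) {
  const meta = report && report.metadata;
  const total = meta && meta.vulnerabilities && meta.vulnerabilities.total;
  const deps = meta && meta.dependencies && meta.dependencies.total;
  if (!Number.isInteger(total) || !Number.isInteger(deps)) return null;
  return { total, deps, bySeverity: meta.vulnerabilities };
}

// canary:  report from a throwaway project pinned to a version with a published advisory.
// project: report from the project being gated.
function gateOnAudit(canary, project) {
  const c = summarize(canary);
  const p = summarize(project);
  if (!c || !p) return { status: "error", reason: "audit did not return a usable report" };
  if (p.deps === 0) return { status: "error", reason: "no dependencies were audited" };
  if (c.total === 0) {
    // A known-vulnerable canary came back clean, so the advisory source is not
    // answering correctly and the project's "0 vulnerabilities" means nothing.
    return { status: "untrusted", reason: "canary advisory not reported; project result ignored" };
  }
  const blocking = (p.bySeverity.high || 0) + (p.bySeverity.critical || 0);
  return { status: blocking > 0 ? "fail" : "pass", total: p.total, blocking };
}

// Constructed sample report; the per-package `vulnerabilities` map is left empty for brevity.
function sampleReport(total, high, deps) {
  return {
    auditReportVersion: 2,
    vulnerabilities: {},
    metadata: {
      vulnerabilities: { info: 0, low: 0, moderate: total - high, high, critical: 0, total },
      dependencies: { total: deps },
    },
  };
}

// The situation in this thread: every project, including the canary, reports zero.
console.log(gateOnAudit(sampleReport(0, 0, 1), sampleReport(0, 0, 1400)));
// Audit service healthy: canary flagged, project has 8 findings, 2 of them high.
console.log(gateOnAudit(sampleReport(1, 1, 1), sampleReport(8, 2, 1400)));
```

In a pipeline, both reports would come from running `npm audit --json` in the canary directory and in the project directory before calling `gateOnAudit`.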